59 lines
1.7 KiB
YAML
59 lines
1.7 KiB
YAML
networks:
|
|
traefik:
|
|
external: true
|
|
|
|
secrets:
|
|
tunnel_ssh_host_key:
|
|
external: true
|
|
tunnel_authorized_keys:
|
|
external: true
|
|
tunnel_traefik_deploy_key:
|
|
external: true
|
|
|
|
services:
|
|
tunnel-server:
|
|
image: git.nixc.us/colin/better-argo-tunnels:production
|
|
networks:
|
|
- traefik
|
|
secrets:
|
|
- source: tunnel_ssh_host_key
|
|
target: host_key
|
|
mode: 0400
|
|
- source: tunnel_authorized_keys
|
|
target: authorized_keys
|
|
mode: 0440
|
|
- source: tunnel_traefik_deploy_key
|
|
target: traefik_deploy_key
|
|
mode: 0400
|
|
environment:
|
|
SSH_PORT: "2222"
|
|
PORT_RANGE_START: "10000"
|
|
PORT_RANGE_END: "10100"
|
|
SSH_HOST_KEY: "/run/secrets/host_key"
|
|
AUTHORIZED_KEYS: "/run/secrets/authorized_keys"
|
|
TRAEFIK_SSH_HOST: "ingress.nixc.us"
|
|
TRAEFIK_SSH_USER: "root"
|
|
TRAEFIK_SSH_KEY: "/run/secrets/traefik_deploy_key"
|
|
TRAEFIK_CONFIG_DIR: "/root/traefik/dynamic"
|
|
TRAEFIK_ENTRYPOINT: "websecure"
|
|
TRAEFIK_CERT_RESOLVER: "letsencryptresolver"
|
|
HOSTNAME: "{{.Node.Hostname}}"
|
|
NODE_ID: "{{.Node.ID}}"
|
|
SERVICE_NAME: "{{.Service.Name}}"
|
|
TASK_ID: "{{.Task.ID}}"
|
|
ENVIRONMENT: "production"
|
|
ports:
|
|
- "2222:2222"
|
|
- "10000-10100:10000-10100"
|
|
deploy:
|
|
replicas: 1
|
|
placement:
|
|
constraints:
|
|
- node.hostname == macmini1
|
|
labels:
|
|
traefik.enable: "true"
|
|
traefik.tcp.routers.tunnel-ssh-router.rule: "HostSNI(`*`)"
|
|
traefik.tcp.routers.tunnel-ssh-router.entrypoints: "ssh"
|
|
traefik.tcp.services.tunnel-ssh-service.loadbalancer.server.port: "2222"
|
|
traefik.docker.network: "traefik"
|